Audits - How best to prepare?

Few things trigger an acute case of anxiety like an upcoming Audit. Whether its for a customer or a re-accreditation on a particular standard, an evaluation or inspection of you process can be an uncomfortable position to be in.

How have you or your company approached audits? Do you arrange pre-audit meetings to ensure all documentation and requirements have been met? Do you conduct internal audits to catch issues before the real audit? What other things have been successful in preparing for an upcoming audit?

Please share your thoughts, experiences, or questions here!

4

Comments

In most companies I've worked for, we spent many anxious hours preparing for audits. During this time catching any problems and clearing them up so everything was spic and span. But the shortcoming in that activity was not a problem solving session and more of a "hide it from the auditor" mentality. In my experience, this only works for so long before something catastrophic happens. Such as someone mentioning the activity and the auditor starting to ask questions. BTW, the real danger is when an auditor sits back and listens as someone digs a hole. What I've been working towards is to be in a constant state of preparedness. This takes lots of legwork and a hard, unbiased look at the real state of the organization. So in short, I find it best to perform strong internal audits and fix the problems. The results have been successful in that most registrar corrective actions have been minor. However, the IATF is applying pressure to registrars to have an average of 4.5 findings per audit. So they are going to dig until they find something.

To skat - this was a direct quote from our registrar during IATF transition training. If they do not comply they will be subject to witness audits from the IATF until they reach a level they are satisfied with. It is an odd requirement that the registrar is having difficulty with.

SRI Registrars. The statement is what I said. "the IATF is applying pressure to registrars to have an average of 4.5 findings per audit." Our auditor also expressed during our last surveillance audit that the IATF requires auditors to write nonconformances.

The best time to prepare for the next audit is 1 hour after the auditor has left, in my experience. While the pain is fresh and the adrenelin is still running is the best time to list a) the things that did go wrong, including findings; 2) the things they might have found if you had not distracted them with questions, 3) the internal items you know have to be established at the next audit, 4) the things they tell you, or strongly hint, they will look for next time. These are all placed on an action plan by priority, and on a Gantt Chart by priority with milestones for accomplishment and tombstones if they are not.

Having recently graduated from the AIAG IATF 5 day lead auditor course, our instructor informed our class that "they" - the IAOB ?- actually use an individuals cart to track findings by auditor against a goal - a process capability study. If your auditor is nowhere near that "goal" a witness audit - similar to, but far more painful than an IRS audit - will be in order.I have endured both. In a witness audit, no prisoners are taken, any bodies under the carpet will be uncovered, and scorched earth is the plan ofthe day. IATF is TSteroids

Re: requirements to write NCR's - Since there has been a drastic decrease in the number of TS auditors, and the number of IATF auditors is very few, I think they are more likely to write minor's rather than majors. The reason is that a major requires re-visit for verification, and there is not enough time and people now to perform regular audits. The IATF & IAOB in a meaningless rush to get IATF on the street in OCT 2016 did not consider the capability of the people who would have to implement this greatly bloated standard and the people who have to audit it. Overall process capability of the entire sytem was never considered. Doubtless Dr.Deming would have made much of this.

Maybe a little off topic - What I like to do is reading the main SOPs outloud (as funny as that sounds) in front of the key players to make sure it makes sense...From an Auditors perspective they want easily understand what your SOPs are saying and what they are asking for. This is critical.

That sounds like a wonderful technique Tony! I often use a similar approach when creating documentation and I like to broaden my audience to those who aren't familiar with the subject matter. If I can convince them it makes sense I feel better moving forward.

My approach to this question is a little different. I am of the belief that if the QMS is part of the normal every day business processes, there should not be much preparation required. They should be auditing you on your processes on which you execute daily. IMO, last minute scrambling occurs when the QMS is not regularly utilized and the employees are not familiar with the procedures. However, I do think internal audits are a good approach to get employees in the practice of undergoing audits. Our company prefers to outsource internal audits to a consulting company.